From: Alex Elder <aelder@sgi.com>
To: Lukas Czerner <lczerner@redhat.com>
Cc: xfs@oss.sgi.com
Subject: Re: [PATCH v3] xfs_repair: Check if agno is inside the filesystem
Date: Fri, 15 Jul 2011 10:07:03 -0500 [thread overview]
Message-ID: <1310742423.2921.17.camel@doink> (raw)
In-Reply-To: <1309271164-29794-1-git-send-email-lczerner@redhat.com>
On Tue, 2011-06-28 at 16:26 +0200, Lukas Czerner wrote:
> When getting an inode tree pointer from an array inode_tree_ptrs, we
> should check if agno, which is used as a pointer to the array, lives
> within the file system, because if it is not, we can end up touching
> uninitialized memory. This may happen if we have corrupted directory
> entry.
>
> This commit fixes it by passing xfs_mount to affected functions and
> checking if agno really is inside the file system.
>
> This solves Red Hat bug #694706
>
> Signed-off-by: Lukas Czerner <lczerner@redhat.com>
OK, it looks like there are basically four changes
here--adding the mount point argument to four functions
and using it to verify (or assert the validity of) the
an AG number. The rest of the changes are simply the
rippling-back effect of adding the mount point.
The change looks good to me. If nobody else objects to
the change I will commit this for you.
Reviewed-by: Alex Elder <aelder@sgi.com>
. . .
> diff --git a/repair/incore.h b/repair/incore.h
> index 99853fb..5e3d95d 100644
> --- a/repair/incore.h
> +++ b/repair/incore.h
. . .
> @@ -316,12 +317,17 @@ findfirst_inode_rec(xfs_agnumber_t agno)
> return((ino_tree_node_t *) inode_tree_ptrs[agno]->avl_firstino);
> }
> static inline ino_tree_node_t *
> -find_inode_rec(xfs_agnumber_t agno, xfs_agino_t ino)
> +find_inode_rec(struct xfs_mount *mp, xfs_agnumber_t agno, xfs_agino_t ino)
> {
> + /*
> + * Is the AG inside the file system
> + */
> + if (agno >= mp->m_sb.sb_agcount)
> + return NULL;
Here is one--validate the agno using the new mp argument.
> return((ino_tree_node_t *)
> avl_findrange(inode_tree_ptrs[agno], ino));
> }
> -void find_inode_rec_range(xfs_agnumber_t agno,
> +void find_inode_rec_range(struct xfs_mount *mp, xfs_agnumber_t agno,
> xfs_agino_t start_ino, xfs_agino_t end_ino,
> ino_tree_node_t **first, ino_tree_node_t **last);
>
. . .
> diff --git a/repair/incore_ino.c b/repair/incore_ino.c
> index febe0c9..7827ff5 100644
> --- a/repair/incore_ino.c
> +++ b/repair/incore_ino.c
> @@ -418,9 +418,11 @@ add_inode_uncertain(xfs_mount_t *mp, xfs_ino_t ino, int free)
> * pull the indicated inode record out of the uncertain inode tree
> */
> void
> -get_uncertain_inode_rec(xfs_agnumber_t agno, ino_tree_node_t *ino_rec)
> +get_uncertain_inode_rec(struct xfs_mount *mp, xfs_agnumber_t agno,
> + ino_tree_node_t *ino_rec)
> {
> ASSERT(inode_tree_ptrs != NULL);
> + ASSERT(agno < mp->m_sb.sb_agcount);
Here is the second.
> ASSERT(inode_tree_ptrs[agno] != NULL);
>
> avl_delete(inode_uncertain_tree_ptrs[agno], &ino_rec->avl_node);
. . .
> @@ -495,9 +497,10 @@ add_inode(xfs_agnumber_t agno, xfs_agino_t ino)
> * pull the indicated inode record out of the inode tree
> */
> void
> -get_inode_rec(xfs_agnumber_t agno, ino_tree_node_t *ino_rec)
> +get_inode_rec(struct xfs_mount *mp, xfs_agnumber_t agno, ino_tree_node_t *ino_rec)
> {
> ASSERT(inode_tree_ptrs != NULL);
> + ASSERT(agno < mp->m_sb.sb_agcount);
Here is the third.
> ASSERT(inode_tree_ptrs[agno] != NULL);
>
> avl_delete(inode_tree_ptrs[agno], &ino_rec->avl_node);
. . .
> @@ -518,14 +521,18 @@ free_inode_rec(xfs_agnumber_t agno, ino_tree_node_t *ino_rec)
> }
>
> void
> -find_inode_rec_range(xfs_agnumber_t agno, xfs_agino_t start_ino,
> - xfs_agino_t end_ino, ino_tree_node_t **first,
> - ino_tree_node_t **last)
> +find_inode_rec_range(struct xfs_mount *mp, xfs_agnumber_t agno,
> + xfs_agino_t start_ino, xfs_agino_t end_ino,
> + ino_tree_node_t **first, ino_tree_node_t **last)
> {
> *first = *last = NULL;
>
> - avl_findranges(inode_tree_ptrs[agno], start_ino,
> - end_ino, (avlnode_t **) first, (avlnode_t **) last);
> + /*
> + * Is the AG inside the file system ?
> + */
> + if (agno < mp->m_sb.sb_agcount)
> + avl_findranges(inode_tree_ptrs[agno], start_ino,
> + end_ino, (avlnode_t **) first, (avlnode_t **) last);
And here is the fourth.
> }
>
> /*
. . .
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
next prev parent reply other threads:[~2011-07-15 15:07 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-06-28 14:26 [PATCH v3] xfs_repair: Check if agno is inside the filesystem Lukas Czerner
2011-07-15 15:07 ` Alex Elder [this message]
2011-07-25 14:06 ` Lukas Czerner
2011-07-25 14:45 ` Alex Elder
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1310742423.2921.17.camel@doink \
--to=aelder@sgi.com \
--cc=lczerner@redhat.com \
--cc=xfs@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox